The ethics of software

Most people probably don't think of software engineering as an occupation with the same ethical requirements as medicine or law, but Auckland University of Technology visiting professor Don Gotterbarn says ethics are as relevant when engineers and developers cut code as when doctors treat patients.

Gotterbarn, who leaves AUT next month after a year as visiting professor, was chair of the taskforce which developed the Software Engineering Code of Ethics and Professional Practice, which has been adopted in several countries including Australia.

It has also been adopted by various organisations and companies, a prime example being US defence contractor Raytheon, which he claims "has training sessions in it and uses it as their standard of practice for software development". Another major adopter is Indian consulting firm Tata.

Some organisations require employees to sign an undertaking to abide by the code when they join. It has been translated into several languages, including Chinese, Japanese, French, Hebrew and Italian.

The code's first incarnation came in 1999, when it was adopted by the IEEE, ACM (Association for Computer Machinery) and US Data Processing Management Association.

A second version, 5.2, came later. Gotterbarn says there will be further versions as the industry changes.

"I see it as having to be modified to address some of the issues coming in computing, such as nanotechnology, when chips are implanted in humans."

A code of ethics sounds nice in theory, but some may ask how much practical application it has. Gotterbarn would reply: "lots".

A tool based on the code has been used in New Zealand by AUT's Sepia (Software Engineering Process Improvement Alliance), and Gotterbarn says running the tool through planned projects resulted in cost savings from spotting issues before the project commenced.

"One project was to develop a genealogical database and the tool was used to identify ethical and social issues that would have been missed if they'd just focused on technical design details."

In the US the code has been an aid to organisations that have adopted it when they've been faced with lawsuits, he says, with defendants showing they used and adhered to the code and achieving a potentially better outcome than if they hadn't adopted the code. Gotterbarn has been called as an expert witness in some legal cases.

Another example of the code having a real impact is in Britain, where, as with AUT's Sepia, an analytical tool based on the code was used during the RFP process of an electronic voting project.

"The UK was going to mandate electronic voting by 2005 and we applied the process to their standards and identified a significant number of risks. The risks were addressed and changes made to the RFP requesting respondents to address the risks."

Gotterbarn worked with the UK's Centre for Computing and Social Responsibility on the project.

He says the code has wider relevance beyond software engineers and developers.

"It also helps the customer understand what they can expect of you and where to draw the line. It helps them to know not to ask you to do unethical things."

Asked for an example of an ethical decision a software producer may have to make, Gotterbarn brings up that common security flaw, the buffer overflow.

"When we write telecommunications software, one thing hackers jump on is buffer overflows and the choice of code you choose to write your system in is an ethical one.

"If you choose code that facilitates buffer overflows instead of a strongly typed one, you're being unethical." C is used widely in the telecomms industry, he says, "and it doesn't have strong typing".

In the software industry in general, "when given the trade-off between a more secure language and one that's convenient for the programmer, unfortunately, the latter is often chosen."

Gotterbarn's work at East Tennessee State University encompasses project management, systems testing and object-oriented development as well as software engineering ethics and he's been at the university since 1971.

He has also run his own consulting firm which did work for the US and Saudi Arabian navies, among other clients.

As for the future of the code, he reiterates that it will change to accommodate new technology and "I would like most software engineering schools to cover ethical issues and include the code or something equivalent to it."

The code has been adopted by the Australian Computer Society and IEAust, the Australian Institute of Engineers, but it may be some time before it is adopted by the New Zealand Computer Society.

NZCS vice president Richard Donaldson says he views the code as an adjunct to NZCS's own code of ethics, which has been reworked over the past year, after much consultation with the society's members.

"We've spent the last year recasting it and reintroduced it and Don [Gotterbarn] rang me one or two months ago about the international code."

The two codes are quite different, he says, with the NZCS one broader than the international one, which is more focused on developers and engineers.

"I see the international code as a very useful adjunct to ours, but there's work to be done."

NZCS may well adopt the international code. "But it won't be next week or next month; these things take time and consultation."

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.